fix: podman connect

2025-12-21 22:25:57 +01:00
parent c197f28013
commit 10f4eb5817
23 changed files with 291 additions and 571 deletions
@@ -1,62 +0,0 @@
---
-services:
-  immich-server:
-    container_name: immich_server
-    image: {{ immich_server_image }}:{{ immich_version }}
-    networks:
-      - databases
-      - immich
-    extra_hosts:
-      - "{{ immich_postgres_host }}:{{ podman_subnet_gateway }}"
-      - "{{ immich_valkey_host }}:{{ podman_subnet_gateway }}"
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - {{ immich_upload_location }}:/data:rw,Z
-    environment:
-      DB_HOSTNAME: {{ immich_postgres_host }}
-      DB_PORT: {{ immich_postgres_port }}
-      DB_USERNAME: {{ immich_postgres_user }}
-      DB_PASSWORD: {{ immich_postgres_password }}
-      DB_DATABASE_NAME: {{ immich_postgres_db_name }}
-      REDIS_HOSTNAME: {{ immich_valkey_host }}
-      REDIS_PORT: {{ immich_valkey_port }}
-      REDIS_USERNAME: {{ immich_valkey_user }}
-      REDIS_PASSWORD: {{ immich_valkey_password }}
-      REDIS_DBINDEX: {{ immich_valkey_db }}
-      IMMICH_MACHINE_LEARNING_URL: http://immich-machine-learning:3003
-      UPLOAD_LOCATION: {{ immich_upload_location }}
-      TZ: {{ immich_timezone }}
-    ports:
-      - "{{ immich_port }}:2283"
-    restart: always
-    healthcheck:
-      test: ["CMD-SHELL", "curl -f http://localhost:2283/api/server/ping"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-      start_period: 60s
-
-  immich-machine-learning:
-    container_name: immich_machine_learning
-    image: {{ immich_ml_image }}:{{ immich_version }}
-    networks:
-      - immich
-    volumes:
-      - model-cache:/cache
-    restart: always
-    healthcheck:
-      test: ["CMD", "python", "/usr/src/healthcheck.py"]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-      start_period: 60s
-
-networks:
-  databases:
-    name: podman
-    external: true
-  immich:
-    driver: bridge
-
-volumes:
-  model-cache:
@@ -8,9 +8,9 @@ Type=oneshot
 RemainAfterExit=true
 User={{ ansible_user }}
 Group={{ ansible_user }}
-WorkingDirectory={{ podman_projects_dir }}/immich
-ExecStart=/usr/bin/podman-compose up -d
-ExecStop=/usr/bin/podman-compose down
+WorkingDirectory={{ podman_projects_dir | default('/opt/podman') }}/immich
+ExecStart=/usr/bin/podman play kube --replace immich.yaml
+ExecStop=/usr/bin/podman play kube --down immich.yaml
 Restart=on-failure
 RestartSec=10

@@ -0,0 +1,102 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: immich
+  labels:
+    app: immich
+  annotations:
+    io.podman.annotations.network.mode: bridge
+    io.podman.annotations.network.name: podman-gw
+spec:
+  containers:
+    - name: server
+      image: {{ immich_server_image }}:{{ immich_version }}
+      ports:
+        - containerPort: 2283
+          hostPort: {{ immich_port }}
+      env:
+        - name: DB_HOSTNAME
+          value: "{{ immich_postgres_host }}"
+        - name: DB_PORT
+          value: "{{ immich_postgres_port }}"
+        - name: DB_USERNAME
+          value: "{{ immich_postgres_user }}"
+        - name: DB_PASSWORD
+          value: "{{ immich_postgres_password }}"
+        - name: DB_DATABASE_NAME
+          value: "{{ immich_postgres_db_name }}"
+        - name: REDIS_HOSTNAME
+          value: "{{ immich_valkey_host }}"
+        - name: REDIS_PORT
+          value: "{{ immich_valkey_port }}"
+        - name: REDIS_USERNAME
+          value: "{{ immich_valkey_user }}"
+        - name: REDIS_PASSWORD
+          value: "{{ immich_valkey_password }}"
+        - name: REDIS_DBINDEX
+          value: "{{ immich_valkey_db }}"
+        - name: IMMICH_MACHINE_LEARNING_URL
+          value: http://localhost:3003
+        - name: UPLOAD_LOCATION
+          value: /data
+        - name: TZ
+          value: "{{ immich_timezone }}"
+      volumeMounts:
+        - name: localtime
+          mountPath: /etc/localtime
+          readOnly: true
+        - name: immich-data
+          mountPath: /data
+      livenessProbe:
+        httpGet:
+          path: /api/server/ping
+          port: 2283
+        initialDelaySeconds: 60
+        periodSeconds: 30
+        timeoutSeconds: 10
+        failureThreshold: 3
+      restartPolicy: Always
+
+    - name: machine-learning
+      image: {{ immich_ml_image }}:{{ immich_version }}
+      env:
+        - name: TZ
+          value: "{{ immich_timezone }}"
+      volumeMounts:
+        - name: model-cache
+          mountPath: /cache
+      livenessProbe:
+        exec:
+          command:
+            - python
+            - /usr/src/healthcheck.py
+        initialDelaySeconds: 60
+        periodSeconds: 30
+        timeoutSeconds: 10
+        failureThreshold: 3
+      restartPolicy: Always
+
+  volumes:
+    - name: localtime
+      hostPath:
+        path: /etc/localtime
+        type: File
+    - name: immich-data
+      hostPath:
+        path: {{ immich_upload_location }}
+        type: Directory
+    - name: model-cache
+      persistentVolumeClaim:
+        claimName: immich-model-cache
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: immich-model-cache
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
@@ -25,10 +25,10 @@ server {
    ssl_certificate_key /etc/letsencrypt/live/{{ immich_nginx_hostname }}/privkey.pem;

    # SSL configuration
-    ssl_protocols {{ nginx_ssl_protocols }};
-    ssl_prefer_server_ciphers {{ 'on' if nginx_ssl_prefer_server_ciphers else 'off' }};
+    ssl_protocols {{ nginx_ssl_protocols | default('TLSv1.3') }};
+    ssl_prefer_server_ciphers on;

-{% if nginx_log_backend == 'journald' %}
+{% if nginx_log_backend | default('journald') == 'journald' %}
    access_log syslog:server=unix:/dev/log,nohostname,tag=nginx_immich;
    error_log syslog:server=unix:/dev/log,nohostname,tag=nginx_immich;
 {% else %}